Using https://IPA/ipa/migration, users can migrate their password to their 
Kerberos
principals successfully, a subsequent login to /ui gives them interface to 
change attrs
to their account.

But if their LDAP password is shorter than the default policy of 8 letter (IPA 
migrate
the password but set it as expired,) they have no chance to reset it to meet 
the policy
through the UI. I had to help them login in with a ssh session to a IPA client 
machine
to do this, although the majority of my users do not need the ability to have 
interactive
ssh sessions.

Is there a possibility to enable users to change or reset expired password in 
the UI?

Thanks,

Qing Chang

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to